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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In re application of: 



Confirmation No.: 4441 



Eliot LEAR 



Group Art Unit No.: 2136 



Serial No.: 10/822,927 



Examiner: JOHNSON, Carlton 



Filed on: April 12, 2004 



ATTACHMENT TO PRE-APPEAL BRIEF REQUEST FOR REVIEW 



The final Office Action mailed October 15, 2007 contains clear errors and fails to show 
that the cited references describe or suggest all features of Claims 1, 3-21, 23-25, 27-29, and 31- 
47. Since a rejection under 35 U.S.C. § 102 that does not show prior disclosure of specific 
claimed features is clearly erroneous, the claims should be allowed for the reasons discussed 
below. 

Claims 1, 21, 25, and 29 stand constructively rejected under 35 U.S.C. § 112, first 
paragraph. Claims 1, 3-21, 23-25, 27-29, and 31-47 stand rejected under 35 U.S.C. § 102(e) as 
allegedly anticipated by Bosler, U.S. Patent Application Publication No. US 2005/0010757 
("BOSLER"). For brevity, this attachment addresses in detail only the rejections of the 
independent Claims 1, 8, 18, 21, 25, and 29. 

1. Rejection of Claims 1, 21, 25, and 29 under 35 U.S.C. § 112, first paragraph. 

On page 2, the final Office Action objected under 35 U.S.C. § 132(a) to the claim 
amendment that was made by the Applicant in the response to previous Office Action. It is 
respectfully submitted that this objection is improper because: (1) the objected amendment was 
an amendment only to the claims; and (2) new matter objections under 35 U.S.C. § 132(a) are 
applicable only to amendments made to the specification but not the claims. (See MPEP § 
706.03(o).) If alleged new matter is added only to a claim, an objection under 35 U.S.C. § 
132(a) should not be made, but the claim should be rejected under 35 U.S.C. § 1 12, first 
paragraph. (See MPEP § 706.03(o), Examiner Note 3.) Therefore, for the purposes of this appeal, 
the Applicant is treating the above objection under 35 U.S.C. § 132(a) as a rejection of Claims 1, 
21, 25, and 29 under 35 U.S.C. § 112, first paragraph. 

The final Office Action asserts that the feature of Claims 1, 21, 25, and 29 of "two or 
more principals respectively associated with the two or more digital signatures have collective 
authority to perform the configuration directives on the host network element" was not 
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described in the application as originally filed. Further, the final Office Action asserts that the 
term "home network" was not included within the application as originally filed. These 
assertions are clear errors. 

The feature of Claims 1, 21, 25, and 29 of "two or more principals respectively 
associated with the two or more digital signatures have collective authority to perform the 
configuration directives on the host network element" is described in the originally filed 
specification at least in the following paragraphs: [0030] (e.g., ". . .the principals in the signatures 
have a combined authority to make the configuration change"), [0035] (e.g., ". . . multi-level 
authorization model that uses multiple digital signatures"), [0060]-[0061] (e.g., ". . . two persons 
sign the configuration in series", TABLE 4 - Example Multiple-Signed Configuration, in which 
"... an individual signed the configuration and then the individual's manager signed the 
resultant"), [0069] (e.g., ". . . different individuals sign different portions of a configuration, and a 
senior manager signs both of the resultants with one or more separate signatures), [0071] (e.g., 
". . . enabling authorization based on two or more authorized parties"), and [0074] (e.g., "[i]f the 
combined signatures have the requisite authority to make the change, then the configuration 
block is sent to the parser"). Further, originally filed FIG. 3 illustrates a configuration signed 
with multiple signatures, and the original Claim 2 features "verifying that the one or more digital 
signatures is valid and that one or more principals respectively associated with the digital 
signatures have collective authority to perform the directives on the host", where one or more 
principals clearly include two or more such principals. 

With respect to the term "home network", it is respectfully submitted that Claims 1, 21, 
25, and 29 do not include any such term. Claims 1, 21, 25, and 29 feature a "host network 
element", which is a term included in the original Claims 1, 21, 25, and 29. 

For the above reasons, it is respectfully submitted that the rejection of Claims 1, 21, 25, 
and 29 under 35 U.S.C. § 1 12, first paragraph is based on clear errors. Reversal of this rejection 
of Claims 1, 21, 25, and 29 is respectfully requested. 

2. Rejection of Claims 1, 21, 25, and 29 under 35 U.S.C. § 102(e) over BOSLER. 

Claims 1, 21, 25, and 29 comprise the feature of: 

verifying that two or more digital signatures, from the one or more digital 
signatures, are valid and that two or more principals respectively 
associated with the two or more digital signatures have collective 
authority to perform the configuration directives on the host network 
element; 
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The final Office Action asserts that BOSLER describes the above features of Claims 1, 21, 25, 
and 29 in paragraphs [0008] and [0078]. This assertion is a clear error because neither these 
paragraphs nor any other paragraphs of BOSLER describe or suggest the above feature of Claims 
1,21, 25, and 29. 

In paragraph [0008], BOSLER describes a method for carrying out management 
communications between two management nodes of an IT network. Specifically, BOSLER 
describes that a first node is authenticated by using that node's private-public key pair. The 
authenticating step includes verifying the authenticity of the first node's public key by a public- 
key certificate which was automatically granted in a procedure requiring that a time interval 
between an initialization time of the first node and a certificate request time is within a maximum 
time interval for automatic certificate grant. 

Similarly, in paragraph [0078] BOSLER describes a method of authenticated 
management communication by using digital signatures. Specifically, with respect to its Fig. 6, 
BOSLER describes that a first node produces a hash of a management message and encrypts it 
with the first node's private key. The first node then sends the message together with the 
encrypted hash to a second node. The second node verifies the authenticity of the first node's 
public key by means of an associated public-key certificate. If the authenticity of the public key 
is verified, the second node decrypts the received hash with the first node's public key. 
Thereafter, the second node produces another hash of the received message and compares it with 
the decrypted hash. If both hashes are equal, the second node verifies that the message 
originated from the first node. 

Thus, at most BOSLER describes that a network node may use a digital signature 
included in a management message to verify the authenticity of the message sender. However, 
verifying the authenticity of a sender based on a digital signature included in a message as 
described in BOSLER is so different from the feature of Claims 1, 21, 25, and 29 of verifying 
that two or more principals respectively associated with the two or more digital signatures 
have collective authority to perform the configuration directives on the host network 
element that the rejection amounts to clear error. 

Further, neither the paragraphs cited above nor any other paragraphs of BOSLER 
describe or suggest that a management message may be signed with two or more digital 
signatures. Since BOSLER describes using a digital signature for the purpose of authenticating 
a sender node, the sender node does not need to send more than one signature in order to 
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authenticate itself with the receiving node. In fact, BOSLER does not describe or suggest that a 
node may be assigned more than one private key, which means that in BOSLER a node 
CANNOT sign a management message with more than one digital signature. In contrast, Claims 
1, 21, 25, and 29 feature verifying that two or more digital signatures included in a received 
configuration information are valid and that two or more principals respectively associated with 
the two or more digital signatures have collective authority to perform configuration directives 
on a network element. 

Thus, BOSLER is clearly missing the claimed features and this is not a matter of 
"interpreting" the claim. For the foregoing reasons, the rejection of Claims 1, 21, 25, and 29 
under 35 U.S.C. § 102(e) over BOSLER is based on clear errors. Reversal of this rejection of 
Claims 1, 21, 25, and 29 is respectfully requested. 

3. Rejection of Claims 8 and 18 under 35 U.S.C. § 102(e) over BOSLER. 

Claim 8 comprises the features of: 

receiving configuration control information that includes a time period during which 
a valid digital signature is required for applying one or more particular 
configuration directives; 

only when the date-time value is within the time period and the one or more 
configuration directives have not been previously received during the 
time period, attempting to verify the one or more digital signatures 
based on the trust information, and applying the configuration 
directives to a network element only when the one or more digital 
signatures are verified successfully; 

Claim 18 comprises similar features. The final Office Action asserts that BOSLER describes the 
above features of Claims 8 and 18 in paragraphs [0071], [0073], and [0058]. This assertion is a 
clear error because neither these paragraphs nor any other paragraphs of BOSLER describe or 
suggest the above features of Claims 8 and 18. 

In paragraph [0071], BOSLER describes a time interval within which a node must 
request a public key certificate. Significantly, a certificate server would grant a public key 
certificate to a network node only if the node requests the certificate within a particular time 
interval after a management agent is initialized/installed on the node. (See also at least 
BOSLER, paragraph [0010]; paragraph [0073], lines 17-22.) Thus, the time interval described 
by BOSLER is used to determine whether or not a node would be granted a public key 
certificate. 
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In contrast, Claims 8 and 18 include the feature of receiving configuration control 
information that includes a time period during which a valid digital signature is required for 
applying one or more particular configuration directives . A time period during which a valid 
signature is required for applying a configuration directive on a network element (as featured 
in Claims 8 and 18) is completely different from a time interval used to determine whether or not 
a node would be granted a public key certificate (as featured in BOSLER). 

Further, in paragraph [0058] BOSLER describes that a first node and a second node may 
establish a secure session by exchanging a management message that may be authenticated by a 
digital signature. However, BOSLER does not describe or suggest that a management message 
sent by the first node includes any time interval. In fact, there is absolutely nothing in BOSLER 
that describes or suggests that management messages exchanged between nodes may include any 
time intervals indicating that configuration operations specified in the messages can be applied 
on nodes only during these time intervals. In contrast, the time period featured in Claims 8 and 
18 is used to determine whether verification of one or more digital signatures would be 
attempted and whether one or more configuration directives would be applied to a network 
element. 

For the foregoing reasons, the rejection of Claims 8 and 18 under 35 U.S.C. § 102(e) over 
BOSLER is based on clear errors. Reversal of this rejection of Claims 8 and 18 is respectfully 
requested. Further, since each of dependent Claims 3-7, 9-17, 19-20, 23-24, 27-28, and 31-47 
depends directly or indirectly from one of independent Claims 1,8, 18, 21, 25, and 29, 
reconsideration and reversal of the rejection of all dependent claims is hereby respectfully 
requested. 

Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 

Dated: December 14, 2007 /Sto vchoDDraganoff#56 1 8 1 / 
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